[wp-trac] [WordPress Trac] #37210: Update PHPMailer to 5.2.19
WordPress Trac
noreply at wordpress.org
Wed Dec 28 08:17:59 UTC 2016
#37210: Update PHPMailer to 5.2.19
-------------------------------------+--------------------
Reporter: MattyRob | Owner:
Type: task (blessed) | Status: new
Priority: normal | Milestone: 4.7.1
Component: External Libraries | Version:
Severity: critical | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+--------------------
Changes (by dd32):
* version: 4.6 =>
* type: enhancement => task (blessed)
* milestone: Awaiting Review => 4.7.1
Comment:
The WordPress Security team is aware of the PHPMailer issues. We've been
in contact with the author and security researchers and discussing the
fixes.

Presently, '''WordPress Core (and as a result, anything utilising
`wp_mail()`) are unaffected by the recent disclosures''', the
vulnerabilities require the usage of a PHPMailer feature which WordPress &
`wp_mail()` do not use. This applies to WordPress 4.7, 4.6.x, and all
previous secure versions.

''A note on plugins: If plugins are correctly utilising `wp_mail()`
they'll not be affected either, however, if a plugin is doing something
wrong, the plugins team will be in contact with the plugin authors.''

The upcoming 4.7.1 release will contain mitigation for these issues, we're
committed to only shipping secure libraries with WordPress - regardless of
whether we use the feature or not.

We don't have any specific timing details to share at present, however the
preparations for a 4.7.1 release were already underway when we learnt about
the issues.

@sebastian.pisula, @MattyRob, @sfpt - Thank you for the patches, and
catching the hacks we've made and including them.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37210#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform